LDAP (Lightweight Directory Access Protocol) is a protocol that applications can use to retrieve data about users and groups from an LDAP server.

To connect Skylight to an LDAP directory:

  1. Navigate to Domain Settings and select the Authentication tab.

  2. Ensure SAML authentication is configured prior to configuring LDAP.

  3. Click to enable LDAP federation.

  4. Input the following fields for your LDAP server configuration:

    • Vendor - Any nickname to describe the vendor of the LDAP server.

    • Server address - The hostname or IP address of the LDAP server.

    • Bind DN - The username used to connect to the LDAP server.

    • Bind credential - The password used to connect to the LDAP server.

    • Base DN - The base DN for your directory. (ex. cn=users,dc=ad,dc=example,dc=com)

    • UUID attribute - The LDAP attribute you use to uniquely identify your users. (ex. sAMAccountName)

    • Automatic sync interval (in hours) - The interval in which Skylight should synchronize the user and group data with the LDAP server.

  5. Click to add custom LDAP filters. Input the following fields for each filter:

    • Filter - Query used to filter which users are synchronized from the Base DN. Each type of LDAP server has specific query syntax, so consult the documentation for your LDAP server.

    • Name - The name of the Skylight group in which the filtered users should be synchronized to.

  6. To delete a custom filter, hover over the filter area and click to the right of the filter.

  7. Click SAVE in the bottom-right of the window to commit your changes.


To manually trigger a sync of the users and groups from the LDAP server into Skylight outside of the configured sync interval:

  1. Press the button under Automatic sync interval.